From d4bb2d3468b09bd318301a8f2718189746efc45c Mon Sep 17 00:00:00 2001 From: security tracker role Date: Mon, 10 Aug 2020 20:10:20 +0000 Subject: automatic update --- data/CVE/2020.list | 143 +++++++++++++++++++++++++++++------------------------ 1 file changed, 78 insertions(+), 65 deletions(-) diff --git a/data/CVE/2020.list b/data/CVE/2020.list index 3faae2af4b..0b8a560544 100644 --- a/data/CVE/2020.list +++ b/data/CVE/2020.list @@ -1,3 +1,31 @@ +CVE-2020-17478 (ECDSA/EC/Point.pm in Crypt::Perl before 0.33 does not properly conside ...) + TODO: check +CVE-2020-17477 + RESERVED +CVE-2020-17476 (Mibew Messenger before 3.2.7 allows XSS via a crafted user name. ...) + TODO: check +CVE-2020-17475 + RESERVED +CVE-2020-17474 + RESERVED +CVE-2020-17473 + RESERVED +CVE-2020-17472 + RESERVED +CVE-2020-17471 + RESERVED +CVE-2020-17470 + RESERVED +CVE-2020-17469 + RESERVED +CVE-2020-17468 + RESERVED +CVE-2020-17467 + RESERVED +CVE-2020-17466 + RESERVED +CVE-2020-17465 + RESERVED CVE-2020-17464 RESERVED CVE-2020-17463 @@ -3775,14 +3803,13 @@ CVE-2020-15664 RESERVED CVE-2020-15663 RESERVED -CVE-2020-15662 - RESERVED -CVE-2020-15661 - RESERVED +CVE-2020-15662 (A rogue webpage could override the injected WKUserScript used by the d ...) + TODO: check +CVE-2020-15661 (A rogue webpage could override the injected WKUserScript used by the l ...) + TODO: check CVE-2020-15660 RESERVED -CVE-2020-15659 - RESERVED +CVE-2020-15659 (Mozilla developers and community members reported memory safety bugs p ...) {DSA-4740-1 DSA-4736-1 DLA-2310-1 DLA-2297-1} - firefox 79.0-1 - firefox-esr 68.11.0esr-1 
@@ -3791,44 +3818,37 @@ CVE-2020-15659 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-32/#CVE-2020-15659 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-33/#CVE-2020-15659 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-35/#CVE-2020-15659 -CVE-2020-15658 - RESERVED +CVE-2020-15658 (The code for downloading files did not properly take care of special c ...) - firefox 79.0-1 - thunderbird (Only affects Thunderbird 78.x) NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-32/#CVE-2020-15658 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-33/#CVE-2020-15658 -CVE-2020-15657 - RESERVED +CVE-2020-15657 (Firefox could be made to load attacker-supplied DLL files from the ins ...) - firefox (Only affects Windows) - thunderbird (Only affects Windows) NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-32/#CVE-2020-15657 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-33/#CVE-2020-15657 -CVE-2020-15656 - RESERVED +CVE-2020-15656 (JIT optimizations involving the Javascript arguments object could conf ...) - firefox 79.0-1 - thunderbird (Only affects Thunderbird 78.x) NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-32/#CVE-2020-15656 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-33/#CVE-2020-15656 -CVE-2020-15655 - RESERVED +CVE-2020-15655 (A redirected HTTP request which is observed or modified through a web ...) - firefox 79.0-1 - thunderbird (Only affects Thunderbird 78.x) NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-32/#CVE-2020-15655 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-33/#CVE-2020-15655 -CVE-2020-15654 - RESERVED +CVE-2020-15654 (When in an endless loop, a website specifying a custom cursor using CS ...) 
- firefox 79.0-1 - thunderbird (Only affects Thunderbird 78.x) NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-32/#CVE-2020-15654 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-33/#CVE-2020-15654 -CVE-2020-15653 - RESERVED +CVE-2020-15653 (An iframe sandbox element with the allow-popups flag could be bypassed ...) - firefox 79.0-1 - thunderbird (Only affects Thunderbird 78.x) NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-32/#CVE-2020-15653 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-33/#CVE-2020-15653 -CVE-2020-15652 - RESERVED +CVE-2020-15652 (By observing the stack trace for JavaScript errors in web workers, it ...) {DSA-4740-1 DSA-4736-1 DLA-2310-1 DLA-2297-1} - firefox 79.0-1 - firefox-esr 68.11.0esr-1 
@@ -3837,24 +3857,22 @@ CVE-2020-15652 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-32/#CVE-2020-15652 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-33/#CVE-2020-15652 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-35/#CVE-2020-15652 -CVE-2020-15651 - RESERVED -CVE-2020-15650 - RESERVED +CVE-2020-15651 (A unicode RTL order character in the downloaded file name can be used ...) + TODO: check +CVE-2020-15650 (Given an installed malicious file picker application, an attacker was ...) - firefox-esr (Android specific) - firefox (Android specific) NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-31/#CVE-2020-15650 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-32/#CVE-2020-15650 -CVE-2020-15649 - RESERVED +CVE-2020-15649 (Given an installed malicious file picker application, an attacker was ...) - firefox-esr (Android specific) - firefox (Android specific) NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-31/#CVE-2020-15649 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-32/#CVE-2020-15649 -CVE-2020-15648 - RESERVED -CVE-2020-15647 - RESERVED +CVE-2020-15648 (Using object or embed tags, it was possible to frame other websites, e ...) + TODO: check +CVE-2020-15647 (A Content Provider in Firefox for Android allowed local files accessib ...) + TODO: check CVE-2020-15646 RESERVED {DSA-4718-1} @@ -7658,7 +7676,7 @@ CVE-2020-14002 (PuTTY 0.68 through 0.73 has an Observable Discrepancy leading to [jessie] - putty (Minor issue) NOTE: Fixed by: https://git.tartarus.org/?p=simon/putty.git;a=commit;h=08f1e2a5066ea95559945af339a60ca14560d764 (0.74) CVE-2020-14001 (The kramdown gem before 2.3.0 for Ruby processes the template option i ...) - {DLA-2316-1} + {DSA-4743-1 DLA-2316-1} [experimental] - ruby-kramdown 2.3.0-1 - ruby-kramdown (bug #965305) NOTE: https://github.com/advisories/GHSA-mqm2-cgpr-p4m6 
@@ -9300,22 +9318,18 @@ CVE-2020-13297 RESERVED CVE-2020-13296 RESERVED -CVE-2020-13295 - RESERVED +CVE-2020-13295 (For GitLab Runner before 13.0.12, 13.1.6, 13.2.3, by replacing dockerd ...) - gitlab-ci-multi-runner NOTE: https://about.gitlab.com/releases/2020/08/05/gitlab-13-2-3-released/ -CVE-2020-13294 - RESERVED +CVE-2020-13294 (In GitLab before 13.0.12, 13.1.6 and 13.2.3, access grants were not re ...) [experimental] - gitlab 13.1.6-1 - gitlab NOTE: https://about.gitlab.com/releases/2020/08/05/gitlab-13-2-3-released/ -CVE-2020-13293 - RESERVED +CVE-2020-13293 (In GitLab before 13.0.12, 13.1.6 and 13.2.3 using a branch with a hexa ...) [experimental] - gitlab 13.1.6-1 - gitlab NOTE: https://about.gitlab.com/releases/2020/08/05/gitlab-13-2-3-released/ -CVE-2020-13292 - RESERVED +CVE-2020-13292 (In GitLab before 13.0.12, 13.1.6 and 13.2.3, it is possible to bypass ...) [experimental] - gitlab 13.1.6-1 - gitlab NOTE: https://about.gitlab.com/releases/2020/08/05/gitlab-13-2-3-released/ 
@@ -18589,16 +18603,16 @@ CVE-2020-9531 (An issue was discovered on Xiaomi MIUI V11.0.5.0.QFAEUXM devices. NOT-FOR-US: Xiaomi CVE-2020-9530 (An issue was discovered on Xiaomi MIUI V11.0.5.0.QFAEUXM devices. The ...) NOT-FOR-US: Xiaomi -CVE-2020-9529 - RESERVED -CVE-2020-9528 - RESERVED -CVE-2020-9527 - RESERVED -CVE-2020-9526 - RESERVED -CVE-2020-9525 - RESERVED +CVE-2020-9529 (Firmware developed by Shenzhen Hichip Vision Technology (V6 through V2 ...) + TODO: check +CVE-2020-9528 (Firmware developed by Shenzhen Hichip Vision Technology (V6 through V2 ...) + TODO: check +CVE-2020-9527 (Firmware developed by Shenzhen Hichip Vision Technology (V6 through V2 ...) + TODO: check +CVE-2020-9526 (CS2 Network P2P through 3.x, as used in millions of Internet of Things ...) + TODO: check +CVE-2020-9525 (CS2 Network P2P through 3.x, as used in millions of Internet of Things ...) + TODO: check CVE-2020-9524 (Cross Site scripting vulnerability on Micro Focus Enterprise Server an ...) NOT-FOR-US: Micro Focus CVE-2020-9523 (Insufficiently protected credentials vulnerability on Micro Focus ente ...) @@ -19302,8 +19316,8 @@ CVE-2020-9245 RESERVED CVE-2020-9244 RESERVED -CVE-2020-9243 - RESERVED +CVE-2020-9243 (HUAWEI Mate 30 with versions earlier than 10.1.0.150(C00E136R5P3) have ...) + TODO: check CVE-2020-9242 RESERVED CVE-2020-9241 @@ -21523,8 +21537,8 @@ CVE-2020-8231 RESERVED CVE-2020-8230 RESERVED -CVE-2020-8229 - RESERVED +CVE-2020-8229 (A memory leak in the OCUtil.dll library used by Nextcloud Desktop Clie ...) + TODO: check CVE-2020-8228 RESERVED CVE-2020-8227 @@ -21533,8 +21547,8 @@ CVE-2020-8226 RESERVED CVE-2020-8225 RESERVED -CVE-2020-8224 - RESERVED +CVE-2020-8224 (A code injection in Nextcloud Desktop Client 2.6.4 allowed to load arb ...) + TODO: check CVE-2020-8223 RESERVED CVE-2020-8222 (A path traversal vulnerability exists in Pulse Connect Secure <9.1R ...) 
@@ -26576,8 +26590,8 @@ CVE-2020-6147 RESERVED CVE-2020-6146 RESERVED -CVE-2020-6145 - RESERVED +CVE-2020-6145 (An SQL injection vulnerability exists in the frappe.desk.reportview.ge ...) + TODO: check CVE-2020-6144 RESERVED CVE-2020-6143 @@ -26772,8 +26786,7 @@ CVE-2020-6071 (An exploitable denial-of-service vulnerability exists in the reso [jessie] - vlc (Not supported in jessie LTS) NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2020-0994 NOTE: These were addressed on the source level in 3.0.9, but 3.0.8-4 disables the plugin -CVE-2020-6070 - RESERVED +CVE-2020-6070 (An exploitable code execution vulnerability exists in the file system ...) - f2fs-tools [buster] - f2fs-tools (Minor issue) NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2020-0988 @@ -30042,12 +30055,12 @@ CVE-2020-4543 RESERVED CVE-2020-4542 (IBM Jazz Foundation and IBM Engineering products are vulnerable to cro ...) NOT-FOR-US: IBM -CVE-2020-4541 - RESERVED +CVE-2020-4541 (IBM Jazz Reporting Service 7.0 and 7.0.1 is vulnerable to cross-site s ...) + TODO: check CVE-2020-4540 RESERVED -CVE-2020-4539 - RESERVED +CVE-2020-4539 (IBM Jazz Reporting Service 6.0.2, 6.0.6, 6.0.6.1, 7.0, and 7.0.1 is vu ...) + TODO: check CVE-2020-4538 RESERVED CVE-2020-4537 @@ -30058,8 +30071,8 @@ CVE-2020-4535 RESERVED CVE-2020-4534 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a ...) NOT-FOR-US: IBM -CVE-2020-4533 - RESERVED +CVE-2020-4533 (IBM Jazz Reporting Service 6.0.6, 6.0.6.1, and 7.0 is vulnerable to cr ...) + TODO: check CVE-2020-4532 (IBM Business Automation Workflow and IBM Business Process Manager (IBM ...) NOT-FOR-US: IBM CVE-2020-4531 -- cgit v1.2.3
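Review bot: CVE-2020-17478 and CVE-2020-17476 in the first hunk (@@ -1,3 +1,31 @@) are left at `TODO: check` with truncated descriptions. Triage should establish whether Crypt::Perl (the ECDSA/EC/Point.pm issue, fixed upstream in 0.33) and Mibew Messenger (XSS via a crafted user name, fixed in 3.2.7) are packaged in Debian, and either record the source package with its fixed version or mark the entries NOT-FOR-US as the other non-Debian entries in this file are.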
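Review bot: CVE-2020-15662 and CVE-2020-15661 (hunk @@ -3775,14 +3803,13 @@) are recorded as `TODO: check` without a NOTE line, unlike CVE-2020-15659 in the same hunk, which carries its mfsa2020 advisory URLs. Both descriptions mention an injected WKUserScript, which is a WebKit API on Apple platforms, so these are most likely Firefox for iOS issues; if the Mozilla advisory confirms that, NOT-FOR-US is the appropriate state rather than an open TODO.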
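Review bot: in the CVE-2020-15657 entry (hunk @@ -3791,44 +3818,37 @@), `- firefox (Only affects Windows)` and `- thunderbird (Only affects Windows)` carry a reason but no fixed version, in contrast to the neighbouring entries that record `firefox 79.0-1`; confirm both are recorded as not affected rather than left to be read as open issues. The thunderbird lines annotated `(Only affects Thunderbird 78.x)` for CVE-2020-15658 through CVE-2020-15653 likewise need a fixed version once a Thunderbird 78 upload reaches the archive.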
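Review bot: CVE-2020-15647's description (hunk @@ -3837,24 +3857,22 @@) already states the bug is in a Content Provider in Firefox for Android, yet the entry stays at `TODO: check`, while CVE-2020-15650 and CVE-2020-15649 in the same hunk are annotated `(Android specific)` for firefox-esr and firefox; record CVE-2020-15647 the same way. CVE-2020-15651 (RTL override character in a downloaded file name) and CVE-2020-15648 (framing via object or embed tags) should be checked against the desktop firefox 79.0-1 upload, in which case they need the same mfsa2020-32 NOTE lines as the adjacent entries.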
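Review bot: the CVE-2020-14001 hunk (@@ -7658,7 +7676,7 @@) adds DSA-4743-1 to the advisory list, but the package lines still show only `[experimental] - ruby-kramdown 2.3.0-1` and `- ruby-kramdown (bug #965305)` with no fixed version for unstable. With a DSA issued for stable, verify whether a fixed upload to unstable has happened and, if so, record its version so the entry does not show stable fixed while unstable is still listed as open.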
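Review bot: CVE-2020-13295 (hunk @@ -9300,22 +9318,18 @@) lists `- gitlab-ci-multi-runner` with neither a fixed version nor a bug reference, whereas the three gitlab entries that follow (CVE-2020-13294, CVE-2020-13293, CVE-2020-13292) at least record `[experimental] - gitlab 13.1.6-1`. The description names the fixed Runner releases 13.0.12, 13.1.6 and 13.2.3, so check which version is in the archive and either add the fixed version or file a bug and reference it, as done with `(bug #965305)` elsewhere in this patch.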
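Review bot: CVE-2020-9529 through CVE-2020-9525 (hunk @@ -18589,16 +18603,16 @@) concern Shenzhen Hichip Vision firmware and the CS2 Network P2P library used in IoT devices. The adjacent Xiaomi and Micro Focus entries in this hunk are marked `NOT-FOR-US`; unless either component is packaged in Debian, these five should get the same treatment instead of staying `TODO: check`.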
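Review bot: CVE-2020-9243 (hunk @@ -19302,8 +19316,8 @@) concerns HUAWEI Mate 30 device firmware, which is not something Debian ships; `NOT-FOR-US: Huawei` is the expected state rather than `TODO: check`.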
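Review bot: CVE-2020-8229 (hunk @@ -21523,8 +21537,8 @@) describes a memory leak in OCUtil.dll used by Nextcloud Desktop Client; a .dll is a Windows component, so before leaving this at `TODO: check` determine whether the Debian build of the desktop client ships that library at all, and if not, mark the entry not affected with that reason.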
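Review bot: CVE-2020-8224 (hunk @@ -21533,8 +21547,8 @@) is a code injection in Nextcloud Desktop Client 2.6.4; the description is truncated, but unlike CVE-2020-8229 it does not point to a Windows-only library, so the entry needs the desktop client source package and its fixed version recorded if Debian ships an affected release, instead of remaining `TODO: check`.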
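Review bot: CVE-2020-6145 (hunk @@ -26576,8 +26590,8 @@) is an SQL injection in frappe.desk.reportview; unless Frappe is packaged in Debian, this should be `NOT-FOR-US` rather than `TODO: check`.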
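Review bot: CVE-2020-6070 (hunk @@ -26772,8 +26786,7 @@) marks f2fs-tools as affected and adds `[buster] - f2fs-tools (Minor issue)`, but records neither a fixed version nor a bug reference for unstable; add one or the other so the open state is tracked, following the `(bug #...)` convention used for ruby-kramdown in this same patch.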
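Review bot: CVE-2020-4541 and CVE-2020-4539 (hunk @@ -30042,12 +30055,12 @@) are IBM Jazz Reporting Service cross-site scripting issues left at `TODO: check`, while CVE-2020-4542 directly above them is already `NOT-FOR-US: IBM`; set both to `NOT-FOR-US: IBM` for consistency.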
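Review bot: CVE-2020-4533 (hunk @@ -30058,8 +30071,8 @@) is another IBM Jazz Reporting Service entry at `TODO: check`, sitting between CVE-2020-4534 and CVE-2020-4532, both `NOT-FOR-US: IBM`; mark it the same way.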